summaryrefslogtreecommitdiff
path: root/spec/features/security/group/private_access_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/features/security/group/private_access_spec.rb')
-rw-r--r--spec/features/security/group/private_access_spec.rb104
1 files changed, 104 insertions, 0 deletions
diff --git a/spec/features/security/group/private_access_spec.rb b/spec/features/security/group/private_access_spec.rb
new file mode 100644
index 00000000000..0d01310b449
--- /dev/null
+++ b/spec/features/security/group/private_access_spec.rb
@@ -0,0 +1,104 @@
+require 'rails_helper'
+
+describe 'Private group access', feature: true do
+ include AccessMatchers
+ include GroupAccessHelper
+
+
+
+ describe 'GET /groups/:path' do
+ subject { group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/issues' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/merge_requests' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+
+ describe 'GET /groups/:path/group_members' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/edit' do
+ subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+
+ context "when user not in group project" do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to_not be_allowed_for :user }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+
+ context "when user in group project" do
+ it { is_expected.to be_allowed_for project_group_member(:user) }
+ it { is_expected.to_not be_allowed_for :visitor }
+ end
+ end
+end
View Lorry Controller Status